OT: change NT login procedure
Gerald Carter
gcarter at valinux.com
Thu Feb 1 01:24:44 GMT 2001
Osama Abu-Aish wrote:
>
> In many environments NIS is used which sends the
> passwd-hashes (which are cleartext equivalent) over
> the wire. And AFAIK LDAP authentication sends also
> the passwd in cleartext.
Ummm....These two statements are wrong. DES password
hashes used in /etc/passwd are not clear text equivalents.
The use of salt in the encryption key make a given
ascii string hash to different value each time. (as opposed to
lanman/NT hashes which are plain text equivalents).
Refer to the SASL implementations in the LDAP v3
rfcs (2251 in particular) for more on LDAP binds.
While there is a simple bind (clear text), this is not
the only one available.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list